NASA Denies Recent Iranian Hacker Claims

Earlier this month, SecurityWeek reported that NASA was investigating claims made by a group of Iranian hackers that an SSL certificate issued to its Research and Education Support Services (NRESS) group was compromised and used in a Man-in-the-Middle attack.

As part of the claimed attack, an Iranian student group of programmers and hackers known as the Cyber Warriors Team claimed to have compromised the certificate by exploiting an existing vulnerability within the portal’s login system. Once they had control over the certificate, they claimed to have used it to “obtain User information for thousands of NASA researcher With Emails and Accounts of other users.”

After telling SecurityWeek on May 18th that the space agency was investigating the claims, NASA has now said that the hacker claims appear to be false.

“NASA discovered the message within hours of its initial post and immediately started an investigation,” a NASA spokesperson told SecurityWeek on Friday via email. “Although the investigation is ongoing, all results thus far indicate that the claims are false.”

“False compromise claims about intrusions on NASA IT systems are common,” the spokesperson added. “For example, the same day the Iranian claim was posted, NASA investigated two additional claims of intrusions posted on the same web site. They also were found to be false.”

While these claims may or may not be true based on what has been found so far, the agency has fallen victim to several breaches in the past, and has admitted its security shortcomings.

In March, NASA Inspector General Paul K. Martin told the House Committee on Science, Space, and Technology’s Subcommittee on Investigations and Oversight that the agency faces serious challenges when it comes to protecting its information and systems from cyber attacks. Martin said that NASA was the victim of 47 APT attacks, 13 of which compromised agency systems during FY 2011. In one incident, attackers captured user credentials for more than 150 NASA employees that could have been used to gain unauthorized access to NASA systems. “The attackers had full functional control over these networks,” he said.

In response to the latest claims coming from the group of Iranian hackers, NASA said it was still investigating the issue, and assessing its security posture in certain places.

“To ensure that the subject systems are secure, NASA is re-validating its security profiles to ensure they are operating with minimal risk,” the NASA spokesperson said. “IT Security remains a critical function at NASA. At no point were any sensitive, mission, or classified systems compromised.”

While NASA is refuting the claim that the SSL certificate was compromised, and says that no sensitive or classified information appears to have been accessed by attackers, it doesn’t mean that some other IT assets were possibly compromised. “This is as much as our security people are able to say on this,” the spokesperson said. “That doesn’t mean anything else was accessed, but I won’t be able to confirm it either way.”

For more than 10 years, Mike Lennon has been closely monitoring and analyzing trends in the enterprise IT security space and the threat landscape. In his role at SecurityWeek he oversees the editorial direction of the publication and manages several leading security conferences.